Do you have a "lookup file bind" record in your /etc/resolv.conf file?

On Mon, Sep 13, 2021 at 10:20:30AM +0200, Simon Hoffmann wrote:
>
> > Has been reported previously -
> > https://github.com/OpenSMTPD/OpenSMTPD/issues/1115
>
> Thanks for the link, this did not come up in my searches.
>
> However,
>
> > The link also contains a workaround which may be useful for you.
>
> the only "workaround" I could find was to specify the internal IP instead of
> the hostname. I've tried this before and I've tried this just now, in both
> cases it does not work, because, as I said, the private IP is not part of the
> certificate and OpenSMTPd checks the certificate.
>
> Is there a way to disable cert checking?
>
> Log output:
>
> Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta connecting address=smtp+tls://192.168.158.1:25 host=uhura.hoffmann.computer
> Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta connected
> Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
> Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta ssl_check_name: no match for '192.168.158.1' in cert
> Sep 13 10:04:54 mx01 smtpd[25157]: 10ba299cf5ba5905 mta error reason=SSL certificate check failed
> Sep 13 10:04:54 mx01 smtpd[25157]: smtp-out: Disabling route [] <-> 192.168.158.1 (uhura.hoffmann.computer) for 15s
> Sep 13 10:04:56 mx01 smtpd[25157]: smtp-out: No valid route for [connector:[]->[relay:192.168.158.1,port=25,smtp+tls,mx,heloname=mx01.klm.hoffbox.net],0x0]
>
> Thanks,
>
> Simon
>
> > Best,
> > Aisha
> >
> > On 9/12/21 5:28 PM, Simon Hoffmann wrote:
> > > Hey y'all,
> > >
> > > in my smtpd.conf file I have "relay smtps://host.domain.tld"
> > >
> > > host.domain.tld does resolve to a public IP, and this needs to be a
> > > public IP on public DNS.
> > > However, OpenSMTPd needs to relay to the local IP address of the
> > > smarthost.
> > > Since I have no DNS server running on that network, and I don't want to
> > > set up a DNS server only for OpenSMTPd, I added an entry to /etc/hosts,
> > > assigning the local IP to the FQDN.
> > > When I ping the FQDN it correctly resolves to the internal IP of the
> > > smarthost.
> > > However, OpenSMTPd ignores the entry in /etc/hosts and still tries to
> > > connect to the public IP of the host.
> > >
> > > Is this known that OpenSMTPd ignores /etc/hosts? Or is this a problem on
> > > Debian?
> > > Is there a workaround? Specifying "relay smtps://192.168.158.1" will not
> > > work, as the private IP is not part of the Cert.
> > > Can I force OpenSMTPd to use the internal IP? Can I disable Cert checking
> > > for the smarthost?
> > >
> > > Thanks!
> > >
> > > System details:
> > >
> > > root@mx01:~# lsb_release -a
> > > No LSB modules are available.
> > > Distributor ID: Debian
> > > Description: Debian GNU/Linux 11 (bullseye)
> > > Release: 11
> > > Codename: bullseye
> > > root@mx01:~# smtpd -h
> > > version: OpenSMTPD 6.8.0p2
> > > usage: smtpd [-dFhnv] [-D macro=value] [-f file] [-P system] [-T trace]
> > >
> > > root@mx01:~# cat /etc/network/interfaces
> > > # This file describes the network interfaces available on your system
> > > # and how to activate them. For more information, see interfaces(5).
> > >
> > > source /etc/network/interfaces.d/*
> > >
> > > # The loopback network interface
> > > auto lo
> > > iface lo inet loopback
> > >
> > > # The primary network interface
> > > allow-hotplug ens192
> > > iface ens192 inet dhcp
> > >
> > >
> > > Any info else you need?
> > >
> > > Cheers,
> > >
> > > Simon
> > >